CMS Made Simple 2.2.15 Cross Site Scripting

CMS Made Simple version 2.2.15 suffers from a reflected cross-site scripting vulnerability.

MD5 | 1bd97d4c76ab1904826cf2601e327f7c

# Exploit Title: CMS Made Simple 2.2.15 - 'title' Cross-Site Scripting (XSS)
# Date: 2021/03/19
# Exploit Author: bt0
# Vendor Homepage:
# Software Link:
# Version: 2.2.15
# CVE: CVE-2021-28935


After logging in to the Admin panel and opening My Preferences, you can exploit XSS in the title field.

Reflected XSS in /admin/addbookmark.php
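
The defensive pattern for a reflected field such as this `title` value, as an added example (not code from this advisory or from CMS Made Simple): the value is normalised on input and HTML-encoded at output. The function names and the form markup are assumptions for illustration, and `mb_substr` assumes the mbstring extension is loaded.

```php
<?php
declare(strict_types=1);

// Hypothetical stand-in for a bookmark form that redisplays the submitted
// 'title' value; this is not CMS Made Simple's actual addbookmark.php code.

/** Encode a value for HTML text and quoted-attribute contexts. */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

/** Normalise the submitted title: strings only, no control characters, bounded length. */
function clean_title($raw, int $maxLen = 255): string
{
    if (!is_string($raw)) {
        return ''; // array input such as title[]=... is rejected
    }
    // preg_replace returns null on invalid UTF-8; treat that as an empty title.
    $title = preg_replace('/[\x00-\x1F\x7F]/u', '', $raw) ?? '';
    return mb_substr(trim($title), 0, $maxLen, 'UTF-8');
}

/** Before: the request value is concatenated into markup as-is. */
function render_title_field_unsafe(string $title): string
{
    return '<input type="text" name="title" value="' . $title . '">';
}

/** After: the same field with the value encoded at output time. */
function render_title_field(string $title): string
{
    return '<input type="text" name="title" value="' . h($title) . '">';
}

// Constructed sample input: markup metacharacters only, no script.
$submitted = 'News "<b>latest</b>" & more';
$title = clean_title($submitted);

echo render_title_field_unsafe($title), PHP_EOL; // quotes and tags break out of the attribute
echo render_title_field($title), PHP_EOL;        // value stays inside the attribute as text
```

Input normalisation alone does not stop the reflection; the encoding in `h()` at the point of output is what keeps the value inert.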

Some payloads that work:



